Added SECURITY.md

techthoughts2 · Dec 24, 2023 · 8d63fde · 8d63fde
1 parent b4f222d
commit 8d63fde
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+<!--- Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc. -->
+
+If you discover a vulnerability in PoshGram, please follow the _following process_:
+
+1. Open a generic bug issue advising you have discovered a vulnerability.
+   - Avoid sharing specifics or details of the vulnerability in an open GitHub issue.
+2. A repo owner will reach out to you to establish a private form of communication.
+3. We will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. We will contact you to let you know the outcome, and will credit you in the report.
+
+   Please **do not disclose the vulnerability publicly** until a fix is released!
+
+4. Once we have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to publicly disclose it.
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
     - `install_modules.ps1` - bumped module versions to latest
 - Misc
     - Updated `settings.json` for tab requirements to support Readthedocs
+    - Added `SECURITY.md`
     - Updated `LICENSE` year
 
 ## [2.3.0]